ITTO980705A1 - PROCEDURE AND SYSTEM FOR THE CONTROLLED PROVISION OF NUMERICAL SERVICES SUCH AS, FOR EXAMPLE, MULTIMEDIA TELEMATIC SERVICES. - Google Patents

Description

DESCRIPTION of the industrial invention entitled: "Process and system for the controlled delivery of numerical services such as, for example, multimedia telematic services"

TEXT OF THE DESCRIPTION

The present invention relates to the controlled supply of numerical services such as, for example, multimedia telematic services, and has been developed with particular attention to the possible application within the so-called OPIMA initiative (Open Platform Initiative for Multimedia Access).

Dna description of the purposes and criteria governing this initiative is accessible on the date of filing of this application on the website http: //www.cselt.it/ufv/ leonardo / opima.

Further context information can be deduced for example from the CENELEC EN 50221 standard, called "DVB Common Interface Specification for Conditional Access and other Digital Video Broadcasting Decoder Applications" or in the document DAVIC 1.3 Part 10: "Basic Security Tools for Davic 1.3", published in November 1997 on CD-Rom available at the DAVIC Secretariat c / o Società Italiana Avionica S.p.A., Strada Antica di Collegno, 235; ilio14 6 Turin.

However, the invention is capable of being applied in all those situations in which it is desired to provide a system such as to allow a user or user to have access, with a single decoder, to coded information from different suppliers. The invention can therefore be used in digital broadcasting services via satellite or cable, for example for the supply of paid audiovisual content, including interactive ones. A system according to the invention can be realized inside a decoder of the type currently called Set Top Box (STB), in the context of a personal computer, or integrated directly, for example, in a receiver such as a television receiver with interface numeric type.

In this context, solutions have already been proposed and tested in which access to information (typically a television program) presupposes the availability, at the user, of a decoder device, essentially of the proprietary type of the service provider. In other words, a certain decoder device allows you to receive only the programs transmitted by a certain service provider or, at most, from a limited number of providers who adopt the same service delivery methods.

In general, in order to be able to access different suppliers, the user is however forced to provide himself with a multiplicity of different devices, using alternatively now one, now the other device.

Attempts to achieve a certain degree of standardization have already been made, for example with the definition, by the DAVIC International Forum, of the so-called CAO interface and, above all, with the definition of the so-called CAI interface, illustrated in detail in the DAVIC 1.3 document already mentioned above.

Basically, the aforesaid two interfaces operate at the two levels indicated respectively with dashed and dotted lines in the diagram of Figure 1, intended to be used to illustrate both the solutions according to the known art and the solution according to the invention.

In this scheme the references SP and U indicate, respectively, a supplier (provider) of information services and a user or user of the same.

These services can be different information services, such as (but not limited to): audio and / or television programs, in particular provided according to different request and payment methods, value-added services, advertising services, including premiums, subscription services or provided on the basis of coupons, various information services (banking and stock exchange, traffic, localization, etc.), games, software distribution, teleshopping, remote banking services, polling services, including interactive ones .

Again in the diagram of figure 1, reference D indicates the medium (broadcast via cable, satellite, terrestrial, in a dedicated network, on the Internet, etc.) through which the information generated by the SP supplier reaches the STB reception system of the user U.

In the DAVIC 1.3 standard already mentioned above, this information is present in the form of an MPEG data stream (acronym for Moving Preture Expert Group), in particular as a stream encoded according to the relevant ISO / IEC 13818 (MPEG-2) standards. Messages known as ECM and EMM respectively are inserted into this flow. The acronym ECM, which stands for Entitlement Control Message, identifies the control messages associated with a service. The acronym EMM, which stands for Entitlement Management Message, instead identifies the management messages for authorizations to use services associated with a user.

In the STO unit (i.e. Set Top Unit, which together with the safety block indicated as a whole with SD constitutes the STB reception system available to user U), a receiver block 100 is first presented, intended to perform reception at the hardware level. (demodulation, synchronization, etc.) of the incoming data stream. The latter is intended to be sent towards the SD block and in particular towards a filter 101 and a decryption or decryption block 102.

The signals sent according to the MPEG standard can be encrypted so as to allow them to be read in plain text only by users enabled with an appropriate key.

The decryption function is controlled, within the STU unit, by the management module 103 which sends through a respective command interface instructions to a module 104. The latter acts, within the SD block, as a management element security (so-called Security Manager). In practice, the function of the module 104 is to interact with the filter 101, with the decryption or decryption module 102 and with a user unit 105 to provide towards the module 102 a decryption key such as to allow the module 102 itself to decipher the signal arriving from the receiver 100. This signal can thus be made clear and transferred to a demultiplexer 106 and to a decoder 107 (or to an equivalent processing chain) contained in the STU unit in view of delivery towards the 'user U.

In the more traditional systems mentioned above (of the type of those that implement the so-called CA0 interface in the current terminology in the DAVIC context) the standardization of the STB reception system according to the various SP service providers is limited to the unit only STU.

Everything below the dotted line that in Figure 1 identifies the CAO interface constitutes a part of a specialized device for a specific service provider.

The adoption of the CAI interface allows the standardization of the SD unit as well, moving the need for specialization to a lower level, that is to that of the user unit 105 for which the construction in removable form is envisaged, in particularly in the form of a so-called "smart card".

However, even by resorting to the implementation as a smart card, the problems outlined above are not solved anyway but simply transferred to a different level.

The user or user who wishes to receive information from different SP suppliers will generally have to have many user units 105, therefore many different smart cards, one for each supplier.

In addition to having to provide more smart cards, the user should in any case reconfigure his reception system from time to time according to the provider of the services he wishes to receive, for example by inserting the corresponding smart card into the system.

The scarce practicality of this way of operating is evident, especially if we take into account the fact that in a scenario such as that of the OPIMA initiative, it is desired to provide the user with methods of selecting SP suppliers substantially similar to those normally adopted in receiving of television programs: in practice the possibility of choosing supplier and service through a simple action exerted on a remote control.

At least in principle, the drawbacks outlined above could be solved by providing for the insertion of a plurality of user units 105 in the reception system.

Even independently of any consideration on the complexity of the system, this solution would in any case not solve the problem linked to the need for the user to have more than one user unit 105.

The present invention aims to provide a solution capable of avoiding the drawbacks outlined above, in particular in relation to the possible adoption of the interfaces defined as CAO and CAI, while maintaining general qualities of conformity with such interfaces.

According to the present invention, this object is achieved thanks to a process for the provision of services having the characteristics referred to specifically in the following claims. The invention also relates to the related system.

The invention will now be described, purely by way of non-limiting example, with reference to the attached drawings, in which:

- Figure 1, which is representative - in general terms - also of the solutions according to the known art, has already been examined previously,

- figure 2 illustrates, in the form of a functional block diagram corresponding to the OPIMA reference model (OPIMA Reference Model), a possible embodiment of the invention, and - figure 3 illustrates, in the form of a flow diagram, a possible sequence of operation of a system according to the invention.

In figure 2 elements identical or corresponding to those already described with reference to figure 1 have been indicated with the same references that already appear in figure 1.

This applies in particular to the SP service provider, the distribution channel D to the user U, the STU unit and the ideal location of the CAO and CAI interfaces.

The set of functions illustrated with reference to Figure 1 with reference to modules 101, 102, 104 is performed, in the diagram according to the invention of Figure 2, by a set of elements represented by the blocks TMW1, TMW2 and VM. The abbreviation TMW used for both blocks TMW1 and TMW2 indicates the fact that these blocks are normally implemented at the level of so-called "trusted middleware" (ie software that performs security functions).

In summary, the solution according to the invention can be seen as a development of the solution based on the CAI interface. In the solution according to the invention, the smart card 105, in addition to containing a cryptographic key that cannot be modified or read from the outside, is capable of receiving, verifying, storing and executing an algorithm that allows the use of the services provided by a given supplier.

The verification phase aims to prove the authenticity and integrity of the algorithm before it is stored in the smart card, and is based on the control of an encrypted digital signature performed by a Certification Authority recognized by service providers and manufacturers of the smart card.

The execution of the specific algorithm of the service provider allows to decrypt the proprietary EMM / ECM messages of the service provider itself and to feed the decryption module 102 which provides to make clear the services requested by the user, allowing them.

In this way the user no longer needs to provide himself with more units 105 in order to receive information from different suppliers.

According to the invention it is in fact sufficient to have, for example, a single smart card, of a universal type, and the information relating to the specialization, necessary to be able to receive the information of a specific supplier in clear text, can be downloaded directly from the system in the smart card, taking advantage of the ability of the same to run the programs downloaded through its chip, and the software layer associated with it, represented here as a virtual machine VM.

All this with the further possibility, by the supplier, of checking and verifying the actual enabling of a particular user to receive certain programs. In fact, it is only after the registration of a particular user (for example following the subscription of a subscription) to the set of users enabled to receive a given service that the supplier disseminates the information which, processed at the level of smart card 105, allows the user himself to receive the service.

From the foregoing it is also clear that, although the implementation at the level of a mobile support such as a smart card is preferred (for reasons better explained below), the same function can also be performed in a different way, for example in the form of a circuit function included in the user's STB system.

Unlike the CAO and CAI interfaces described above, which are intrinsically interfaces at the physical level, the solution according to the invention can be implemented at the programming level, in particular by means of a smart card, such as, for example, a so-called Java Card.

The terms "Java" and "Java Card" are registered trademarks of Sun Microsystems. The related description, in particular as regards the definition of so-called API (acronym for Application Programming Interface) is publicly available, at the filing date of this application, on the website http://java.sun.com/products/javacard .

From this point of view, the solution according to the invention can be identified as a new interface level, indicated in figure 2 as CA2 for compliance with the previously used names CAO and CAI, corresponding in practice to an intermediate level of the unit In practice, the solution according to the invention provides that the so-called "trusted middleware" provided by the OPIMA reference model is divided into a static part TMW1, included, according to the solution illustrated in Figure 2, in the STB module , and a dynamic part TMW2, included in the user unit 105.

The complex of functions represented by TMW1 comprises in particular a module SP 'whose function is essentially that of extracting a specific algorithm of the provider SP starting from the MPEG data stream coming from the receiver 100 (Figure 1) to load it into the user unit 105 as a specific part. Preferably this algorithm is inserted as a private data stream in accordance with the ISO / IEC 13818 standard already mentioned. The remaining part in the set of functions TMW1 is constituted by the descrambler 102 and the relative functions represented by the modules 101 and 104 in the diagram of figure 1. The complex of parts and functions TMW1 is therefore completely defined and completely independent from the supplier SP at the time involved in time and consequently is of a standardized type. In practice, the function indicated as TMW2 is identified by a specific algorithm of the single supplier SP which is downloaded into the user unit 105 in a secure way (for example as provided with a cryptographic signature) through the function SP '.

In this way the downloaded algorithm is capable of being executed in the user unit 105 in a safe environment, precisely because of the well-known tamper resistance qualities of smart cards.

This explains why, although in principle it can also be implemented using a circuit or a function incorporated in the user's STB system, the solution according to the invention is preferably implemented at the level of a user unit 105 consisting of a smart card. This choice also allows you to easily replace a possibly damaged or altered smart card. In use, when the user D chooses a particular supplier SP (this can be done through a normal selection operation carried out by acting on a remote control - not illustrated but associated in a known way to the STB system - according to the normal methods adopted, for example , for the selection of a television program) a so-called applet generated by the SP provider in question is transferred to the STB system in view of loading into the respective unit 105. As is known, an applet is a set of Java instructions that implements a certain algorithm . The diffusion can take place, for example, in the case of broadcasting via radio waves by exploiting the carousel configuration adopted for the diffusion of MPEG-2 DSM-CC data (acronyms for Digital Storage Media Command Control).

In this way, within the TMW1 function the filter 101 (figure 1) is programmed in view of the extraction of the EMM data, specific to the single enabled user.

The EMM messages can thus be read and decrypted in view of the interpretation of the data contained in the ECM messages. It is thus possible to proceed with the extraction of the decryption key CW relating to the service which is sent to the descrambler 102, so as to allow the function of the service by the user U through the demultiplexer 106 and the decoder 107.

Of course, it is also possible to provide additional functions, such as that which provides for the secure transfer to the supplier SP of specific information relating to the service provided, such as for example information relating to the extent of consumption of the requested service.

A specific example of operation according to the general criteria just mentioned is illustrated in the flow diagram of Figure 3.

Starting from an initial step 200, the step indicated with 201 represents the choice, by the user, of a particular supplier SP. This step can be implemented, for example, by tuning - in a known way - the STB system to a certain frequency.

As a result (step 202) the STB system in question begins to receive from the supplier SP the data transport stream, for example in the MPEG-2 format, transmitted by the supplier SP.

Step 203 represents the extraction of the TMW2 function (of dynamic type) by the SP 'function.

After having reset (in step 204) the user unit 105, in the following step 205 the STB system installs the TMW2 function in it (for example as a Java Card applet). The STB system then requests (step 206) to the same unit 105, in particular to the part of the virtual machine VM that is able to process the extracted data, how to initialize the filter function, represented by block 101 in Figure 1.

At this point (step 207) the STB system begins to send the filtered EMM data to the user unit 105, thus completing the enabling of the supplier / user communication. The latter can then choose (step 208) the desired service. At this point the STB system begins to filter the ECM signals associated with the selected service by sending them to the user unit 105 where it is checked (step 210) whether the user is enabled to access the service.

In the event of a negative outcome (user not enabled), the operation evolves towards a further phase of choosing a possible other service (step 216, which will be discussed below).

If, on the contrary, the user is enabled (positive result of the comparison step 210) as registered as such with the supplier SP, in particular in relation to the selected service, the ECM data are decrypted by the unit 105 (step 211) returning the respective control words to the STB system (step 212).

In this way the TMW1 (static) function of the STB system is able to decrypt the service bringing it in clear text (step 213) in view of delivery to the user (step 214) through modules 106 and 107.

Step 215 is aimed at verifying whether the user, with the application to the STB system of an order (for example given via remote control) has expressed the will to interrupt the use of the service or if the service itself is terminated.

If this is not the case (negative outcome of step 215) operation returns upstream of step 211, with the possibility of taking into account any periodic variation of the CW decryption key.

If step 215 is successful, in a subsequent step 216 it is checked whether the user intends to use a new service. As already said, the operation can evolve towards step 216 even in the case of a negative outcome of step 210, so as to allow a user not enabled to use a specific service to choose a different service.

The negative outcome of step 216 determines the evolution towards a terminal phase 300. It will be appreciated that this does not usually correspond to a real stop of the STB system but only to the achievement of a waiting state (idle).

The positive outcome of step 216 determines the return towards step 201 for choosing a new supplier or towards step 208 for choosing a new service provided by the same supplier used previously following the outcome of a corresponding choice step 217 .

Naturally, the principle of the invention remaining the same, the details of construction and the embodiments may be widely varied with respect to what has been described and illustrated, without thereby departing from the scope of the present invention, as defined by the attached claims.

Claims (15)

CLAIMS 1. Process for the controlled provision of digital services within a plurality of suppliers (SP) and users (U), in which said services are identified by respective coded data flows provided by said suppliers (SP) and users are provided with receiving means (STB) for receiving said data flows, the receiving means being selectively enabled for the use of services determined through a respective user unit (105), characterized in that it comprises the operations of: - incorporate in said encoded data flows at least one enabling algorithm for the use of respective specific services (TMW2), - incorporate in said coded data flows a respective identification code (EMM) for each user (D) to be enabled to receive a specific service, - associating to said user unit (105) a processing function (VM) capable of recognizing and executing said at least one enabling algorithm on the basis of said identification code to enable the reception means (STB) of the respective user to use said service. 2 . Process according to claim 1, characterized in that it comprises the operation of configuring said user unit (105) as a mobile processing support uniquely assigned to one of said users (1) and which can be selectively associated to said receiving means (STB), said receiving means (STB) being of the generalized type common to several users of said plurality (U). 3. Process according to claim 2, characterized in that it comprises the operation of configuring said mobile processing support as a smart card. 4. Process according to any one of the preceding claims, characterized in that it comprises the operations of: - associate a trusted middleware (TMW) function to said receiving means (STB), - configuring said trusted middleware function in a static part (TMW1), residing on said receiving means (STB), and in a dynamic part (TMW2) selectively transferable on said user unit (105) in view of the execution of said at least one algorithm by said processing function (VM). 5. Process according to any one of the preceding claims, characterized in that it comprises the operations of: - configure said data streams as MPEG type data streams, containing EMM type messages, - insert this identification code in EMM type messages, - activate, through said user unit (105), following the receipt of said at least one algorithm, the performance of the following functions: - extraction, reading and decryption of the EMM messages contained in the received data stream, - interpretation of said identification code contained in EMM messages, - execution of said at least one enabling algorithm on the basis of said identification code. Method according to any one of the preceding claims, characterized in that said at least one enabling algorithm is incorporated in a private data flow within said data flows. 7. Process according to any one of the preceding claims, characterized in that following the reception of said at least one algorithm, said processing function (VM) enables said receiving means for operation as transmitters for emitting information relating to the delivery of the service itself. 8. System for the controlled supply of numerical services within a plurality of suppliers (SP) and users (U) in which said services are identified by respective coded data flows provided by said suppliers (SP) and users are provided with receiving means (STB) for receiving said data flows, the receiving means being selectively enabled to use certain services through a respective user unit (105), characterized in that: - said suppliers (SP) are configured to incorporate in the respective coded data flows, at least one algorithm to enable the use of respective specific services, as well as to incorporate in said coded data flows, a respective identification code (TMW2), for each user (D) to be enabled to receive a specific service, - said user units (105) have associated a processing function (VM) capable of recognizing and executing said at least one algorithm on the basis of said identification code to enable the respective reception means (STB) of the respective user to use said service . 9. System according to claim 8, characterized in that said user units (105) are configured as mobile processing supports each univocally assigned to one of said users (1) and selectively associable to said receiving means, said receiving means being of a generalized type common to several users of said plurality (U). 10. System according to claim 9, characterized in that said mobile processing supports are configured as smart cards. 11. System according to any one of the preceding claims 8 to 10, characterized in that: - said receiving means (STB) have associated a trusted middleware (TMW) function configured in a static part (TMW1), residing on said receiving means (STB), and in a dynamic part (TMW2) selectively transferable to the respective unit user (105) in view of the execution of said at least one algorithm by said processing function (VM). 13. System according to any one of the preceding claims 8 to 11, characterized in that said service providers deliver said data flows as MPEG-type data flows containing EMM-type messages with said identification code inserted in said EMM-type messages, and said receiving means include: - means of extracting, reading and decrypting the EMM messages contained in the received data stream, - interpretation means (103, 104) for interpreting said identification code contained in the EMM messages, e - processing means (VM) for executing said at least one enabling algorithm on the basis of said identification code. 13. System according to any one of the preceding claims 8 to 12, characterized in that said service providers incorporate said at least one enabling algorithm in a private data flow within said data flows. 14. System according to claim 13, characterized by the fact that the receiving means can be activated by said user unit (105) following the reception of said at least one algorithm for operation as transmitters to emit information relating to the provision of the service itself . 15. System according to any one of claims 8 to 14, characterized in that said user unit (105) is configured as a Java Card.